Forwarding all DNS to Adguard except one VLAN

Hi, I'm wondering how to use iptables to forward all my DNS traffic to my AdGuardHome Docker container EXCEPT one VLAN gateway.

e.g.
  • VLAN 1: forward to the AdGuardHome IP
  • VLAN 2: keep using as is, no forwarding rule
  • VLAN 3: forward to the AdGuardHome IP

So, I first put the following in the firewall custom rules in order to forward all interfaces to my AdGuardHome.

iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t nat -I PREROUTING -i br+ ! -s -p tcp --dport 53 -j DNAT --to
iptables -t nat -I PREROUTING -i br+ ! -s -p udp --dport 53 -j DNAT --to

May I know what I should add in order to keep VLAN 2 using its existing DNS without leaking?

Thanks for your help!!!
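One way to get the result the first post asks for, as an added example that is not code from the original post: the same port-53 DNAT redirect, with a RETURN rule placed in front of it so the VLAN 2 subnet skips the redirect and keeps its own resolver. The addresses, the variable names AGH_IP and VLAN2_NET and the APPLY switch are assumptions; by default the script only prints the rules it would install.

```shell
#!/bin/sh
# Added example (not the poster's rules): redirect DNS from every bridge
# interface to AdGuard Home, except traffic from the VLAN 2 subnet.
# All addresses below are constructed placeholders; adjust to your network.
AGH_IP="${AGH_IP:-192.168.1.2}"            # assumed AdGuard Home address
VLAN2_NET="${VLAN2_NET:-192.168.2.0/24}"   # assumed VLAN 2 subnet to exclude

# Default to a dry run that prints the rules; set APPLY=1 to install them.
if [ "${APPLY:-0}" = 1 ]; then IPT=iptables; else IPT="echo iptables"; fi

dns_redirect_rules() {
    # Rules are appended (-A) in the order written, so the exception for
    # VLAN 2 is evaluated before the redirect. RETURN in a built-in chain
    # falls through to the chain policy (ACCEPT in the nat table), i.e. the
    # packet keeps its original destination.
    $IPT -t nat -A PREROUTING -i br+ -s "$VLAN2_NET" -p udp --dport 53 -j RETURN
    $IPT -t nat -A PREROUTING -i br+ -s "$VLAN2_NET" -p tcp --dport 53 -j RETURN
    # Everything else on port 53 is rewritten to AdGuard Home. AGH's own
    # source address is excluded so its upstream queries are not looped back.
    $IPT -t nat -A PREROUTING -i br+ ! -s "$AGH_IP" -p udp --dport 53 -j DNAT --to-destination "$AGH_IP"
    $IPT -t nat -A PREROUTING -i br+ ! -s "$AGH_IP" -p tcp --dport 53 -j DNAT --to-destination "$AGH_IP"
    # Masquerade only the redirected DNS flows (needed when a client and AGH
    # share a segment), instead of masquerading all traffic as in the post.
    $IPT -t nat -A POSTROUTING -d "$AGH_IP" -p udp --dport 53 -j MASQUERADE
    $IPT -t nat -A POSTROUTING -d "$AGH_IP" -p tcp --dport 53 -j MASQUERADE
}

dns_redirect_rules
```

Rule order is the whole point: the post's rules use -I, which puts each newly inserted rule at the top of the chain, so an exception added later with -A would sit below the DNAT and never match. Appending everything in the written order keeps the VLAN 2 exception first. Check the result with `iptables -t nat -L PREROUTING -n --line-numbers` and, from a VLAN 2 host, confirm a query to an external resolver still reaches that resolver rather than AGH.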

Thanks Ileachill. Is it possible to modify the scripts in my previous post directly to exclude my VLAN 2 traffic?

Yes, it is.

Edit - actually, thinking about it, it would just be easier to pass DNS directly to your VLAN 2 group and pass your filtered DNS to the other two. Just change the DHCP settings for each group.

Edit 2 - also, if you weren't aware, there is a way to run AGH on your router directly, either by using the AGH edge client or the opkg OpenWrt version. [How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method]
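The per-group DHCP approach suggested above, as an added example rather than the poster's own configuration: hand out AdGuard Home as the resolver (DHCP option 6) on the VLAN 1 and VLAN 3 pools only, and leave VLAN 2 without an override so dnsmasq on the router keeps advertising itself. The section names vlan1, vlan2 and vlan3 in /etc/config/dhcp and the AGH address are assumptions; by default the script prints the uci commands instead of running them.

```shell
#!/bin/sh
# Added example (not the poster's or the project's configuration): set the
# DNS server advertised by DHCP per VLAN pool on OpenWrt. Section names and
# addresses are constructed placeholders; change them to match your setup.
AGH_IP="${AGH_IP:-192.168.1.2}"      # assumed AdGuard Home address
FILTERED_POOLS="vlan1 vlan3"         # assumed pools that should use AGH
PLAIN_POOL="vlan2"                   # assumed pool that keeps the router's DNS

# Default to printing the uci commands; set APPLY=1 to run them for real.
if [ "${APPLY:-0}" = 1 ]; then UCI=uci; else UCI="echo uci"; fi

dhcp_dns_per_vlan() {
    for pool in $FILTERED_POOLS; do
        # DHCP option 6 (domain name server): replace any existing value with AGH.
        $UCI -q delete "dhcp.$pool.dhcp_option" || true
        $UCI add_list "dhcp.$pool.dhcp_option=6,$AGH_IP"
    done
    # VLAN 2: remove any option-6 override so clients get the router's address.
    $UCI -q delete "dhcp.$PLAIN_POOL.dhcp_option" || true
    $UCI commit dhcp
}

dhcp_dns_per_vlan
# After applying: /etc/init.d/dnsmasq reload, then let clients renew their leases.
```

DHCP only advises: a client with a hard-coded resolver ignores option 6, so on the filtered VLANs this only steers well-behaved clients, while the port-53 redirect from the first post is what actually enforces it.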

IIRC you can do it via AGH itself

You can specify rules for clients or client groups. has more info.

mercygroundabyss, thanks for your advice; I will try it. By the way, I know AGH can be installed directly on my router, but the size of /tmp/ will become bigger. I am afraid it will take a lot of effort to maintain.

As long as you have space it should be ok. I'm guessing you're using the opkg version that keeps its data in /tmp? That means it will be flushed on reboot.

On a full install to the /opt folder you really need about 100 MB of space.
35 MB for the AGH binary, and the same again for when it backs up and upgrades (that's in the agh-backup folder).
My filters take 20 MB for me. (Again, you can raise or lower this depending on which lists you use.)

However you will need to tweak your logging.

I am keeping

  • 90 days of statistics (2 MB file at present)
  • 7 days of query logs (the last 7 days was 53 MB)

You can turn these off or down as required. I've included my listings of the folders to give an overview.

Thanks for sharing. I'm now trying it according to your advice.

